70cfaa55a423f2e124af81f0f28479349b48d1a73974aaab6480c81c82b5b4a9

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 14:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SmileboxClient.exe
Size

1.1MB
MD5

2ad74cad91a943705d3234c2a2e611c1
SHA1

3d34703b12180e467348a3b4b79fd0649ff7c945
SHA256

8c656e06527ef9289631375aa96cc7acc70b3dfc08492f8c09fcb44a79da869e
SHA512

083c36d1b48b2b7d571f8f4265a98895bb87e5b7565c4185a3be1cba718e018d79f8b6dba2a28ed2ef1d05f144a416d3b7e7767bc6c7fa6e0334c9e7b523a36d
SSDEEP

24576:ypedon+tjS7OqnqrHuE3mQI5Z8zFplByVVSX2h50HF+wgWN+ZbJBY0:IedTQ7OqlpuOi0

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SmileboxTray = "\"C:\\Users\\Admin\\AppData\\Roaming\\Smilebox\\SmileboxTray.exe\""	SmileboxClient.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\smilebox\shell\open	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\MIME\Database	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\MIME\Database\Content Type	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\MIME\Database\Content Type\application/smilebox	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Smilebox.archive\shell	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\smilebox	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\smilebox\shell\open\command	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\MIME	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Smilebox.archive\DefaultIcon	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Smilebox.archive\shell\open	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Smilebox.archive\shell\open\command	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\smilebox\DefaultIcon	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Smilebox.archive	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\smilebox\shell	SmileboxClient.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.smilebox	SmileboxClient.exe

C:\Users\Admin\AppData\Local\Temp\SmileboxClient.exe
"C:\Users\Admin\AppData\Local\Temp\SmileboxClient.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Smilebox\smilebox.log

Filesize
877B

MD5
713feb7fe349d4bcf641c64089552ed3

SHA1
4e3dd5c0e7f27817975665dc7686f369db070edc

SHA256
a730ea3bdcbe603e00208e543fa0fd163666804d63c01c4fe7b3331f86042ea2

SHA512
001d8a7a06d015a94b7ae9d692304d790017a3e7da20ef141aa22f23d77122110112eb5cad22f671a5fd081d903fe31ab457d3387edcf01134c370336876ddac

Download Submit
C:\Users\Admin\AppData\Roaming\Smilebox\smilebox.log

Filesize
782B

MD5
e91fd55bd0c6b05100091b50091e5874

SHA1
a248989d79c4aca5e6dec341e0e328f2a92abced

SHA256
3139b65e371961570f78bebbcb25709fc0b5ee96cdf68db2bb5fd765536cfc5b

SHA512
abf358469c98c51f0653bb8767dcf5b2f9afdd31242954588b6ee7ce6911c9f9e2144629f74e8876de1ec751337c9ea753b7fb62ac65ff3909beb46a2015b5c7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads